[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
From: Sir Mordred <sir.mordred.lists@xxxxxxxxx>
Date: Thu, 23 Aug 2007 23:59:25 +0300

After reading the paper (haven't tested the implementation itself yet) I can see
two possible design flaws, one, that there are more sources of tainted
data than g/p/c, and two, that FSMs cannot be used with recursive
languages. More detailed thoughts here: http://mordred.niama.net/blog/?p=120

-- Mordred

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
  - From: Ezequiel Gutesman
- Re: [Full-disclosure] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
  - From: Ezequiel Gutesman

Prev by Date: [Full-disclosure] FLEA-2007-0048-1 xterm
Next by Date: [Full-disclosure] rPSA-2007-0169-1 xterm
Previous by thread: Re: [Full-disclosure] Announcement: Releasing CORE GRASP for PHP. An open source, dynamic web application protection system.
Next by thread: [Full-disclosure] Security Contact for FOX Sports
Index(es):
- Date
- Thread